}
static OM_uint32
- gss_cred_id_t cred,
- gss_ctx_id_t ctx,
- gss_name_t target,
- gss_OID mech,
- OM_uint32 reqFlags,
- OM_uint32 timeReq,
- gss_channel_bindings_t chanBindings,
+gssEapSupportedInitiatorExts[] = {
+};
+
+static struct gss_eap_itok_map
+gssEapAcceptorExtsFlagMap[] = {
+ { ITOK_TYPE_REAUTH_CREDS, CTX_FLAG_KRB_REAUTH_SUPPORTED },
+};
+
+static OM_uint32
+eapGssSmAcceptExts(OM_uint32 *minor,
- OM_uint32 *smFlags)
++ gss_cred_id_t cred GSSEAP_UNUSED,
++ gss_ctx_id_t ctx GSSEAP_UNUSED,
++ gss_name_t target GSSEAP_UNUSED,
++ gss_OID mech GSSEAP_UNUSED,
++ OM_uint32 reqFlags GSSEAP_UNUSED,
++ OM_uint32 timeReq GSSEAP_UNUSED,
++ gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
+ gss_buffer_t inputToken,
+ gss_buffer_t outputToken,
++ OM_uint32 *smFlags GSSEAP_UNUSED)
+{
+ OM_uint32 major;
+
+ major = gssEapProcessSupportedExts(minor, inputToken,
+ gssEapAcceptorExtsFlagMap,
+ sizeof(gssEapAcceptorExtsFlagMap) /
+ sizeof(gssEapAcceptorExtsFlagMap[0]),
+ &ctx->flags);
+ if (GSS_ERROR(major))
+ return major;
+
+ major = gssEapEncodeSupportedExts(minor,
+ gssEapSupportedInitiatorExts,
+ sizeof(gssEapSupportedInitiatorExts) /
+ sizeof(gssEapSupportedInitiatorExts[0]),
+ outputToken);
+ if (GSS_ERROR(major))
+ return major;
+
+ return GSS_S_CONTINUE_NEEDED;
+}
+
+static OM_uint32
eapGssSmAcceptAcceptorName(OM_uint32 *minor,
- gss_cred_id_t cred,
+ gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target,
- gss_OID mech,
- OM_uint32 reqFlags,
- OM_uint32 timeReq,
- gss_channel_bindings_t chanBindings,
- gss_buffer_t inputToken,
+ gss_name_t target GSSEAP_UNUSED,
+ gss_OID mech GSSEAP_UNUSED,
+ OM_uint32 reqFlags GSSEAP_UNUSED,
+ OM_uint32 timeReq GSSEAP_UNUSED,
+ gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
+ gss_buffer_t inputToken GSSEAP_UNUSED,
gss_buffer_t outputToken,
- OM_uint32 *smFlags)
+ OM_uint32 *smFlags GSSEAP_UNUSED)
{
OM_uint32 major;
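Review bot: `ctx` is annotated `GSSEAP_UNUSED` in the new eapGssSmAcceptExts signature, yet the body dereferences it in `&ctx->flags`. The same mismatch appears in eapGssSmInitExts, which reads `GSSEAP_SM_STATE(ctx)` and `&ctx->flags`. Both should declare it plainly as `gss_ctx_id_t ctx,` so the annotation does not mislead readers or static analysis. Separately, eapGssSmAcceptExts hands `inputToken` to gssEapProcessSupportedExts without the `inputToken != GSS_C_NO_BUFFER` test that eapGssSmInitExts applies. If the state machine can call this handler without a token (its dispatch table is not visible here), the same guard belongs here. eapGssSmAcceptAcceptorName's body continues outside the hunk.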
#endif
static OM_uint32
-eapGssSmAcceptCompleteInitiatorExts(OM_uint32 *minor,
- gss_cred_id_t cred GSSEAP_UNUSED,
- gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
- gss_OID mech GSSEAP_UNUSED,
- OM_uint32 reqFlags GSSEAP_UNUSED,
- OM_uint32 timeReq GSSEAP_UNUSED,
- gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
- gss_buffer_t inputToken GSSEAP_UNUSED,
- gss_buffer_t outputToken GSSEAP_UNUSED,
- OM_uint32 *smFlags GSSEAP_UNUSED)
+eapGssSmAcceptInitiatorMIC(OM_uint32 *minor,
- gss_cred_id_t cred,
++ gss_cred_id_t cred GSSEAP_UNUSED,
+ gss_ctx_id_t ctx,
- gss_name_t target,
- gss_OID mech,
- OM_uint32 reqFlags,
- OM_uint32 timeReq,
- gss_channel_bindings_t chanBindings,
++ gss_name_t target GSSEAP_UNUSED,
++ gss_OID mech GSSEAP_UNUSED,
++ OM_uint32 reqFlags GSSEAP_UNUSED,
++ OM_uint32 timeReq GSSEAP_UNUSED,
++ gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
+ gss_buffer_t inputToken,
- gss_buffer_t outputToken,
- OM_uint32 *smFlags)
++ gss_buffer_t outputToken GSSEAP_UNUSED,
++ OM_uint32 *smFlags GSSEAP_UNUSED)
{
+ OM_uint32 major;
+
+ major = gssEapVerifyConversationMIC(minor, ctx, inputToken);
+ if (GSS_ERROR(major))
+ return major;
+
GSSEAP_SM_TRANSITION_NEXT(ctx);
*minor = 0;
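Review bot: eapGssSmAcceptInitiatorMIC carries no comment saying that `gssEapVerifyConversationMIC` is the check gating `GSSEAP_SM_TRANSITION_NEXT(ctx)`, and nothing in the hunk shows that the handler is mandatory. The table that registers it is outside the hunk, so confirm its entry is marked required and that a missing token fails the exchange, so a peer cannot omit the MIC token and still complete. A header comment would record that contract, for example `/* Must run before the context advances: rejects the exchange unless the peer's MIC over the conversation verifies. */`. The same applies to eapGssSmInitAcceptorMIC, which verifies the acceptor's MIC immediately before `GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED)`.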
}
static OM_uint32
-eapGssSmAcceptCompleteAcceptorExts(OM_uint32 *minor,
- gss_cred_id_t cred GSSEAP_UNUSED,
- gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
- gss_OID mech GSSEAP_UNUSED,
- OM_uint32 reqFlags GSSEAP_UNUSED,
- OM_uint32 timeReq GSSEAP_UNUSED,
- gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
- gss_buffer_t inputToken GSSEAP_UNUSED,
- gss_buffer_t outputToken GSSEAP_UNUSED,
- OM_uint32 *smFlags)
+eapGssSmAcceptAcceptorMIC(OM_uint32 *minor,
- gss_cred_id_t cred,
++ gss_cred_id_t cred GSSEAP_UNUSED,
+ gss_ctx_id_t ctx,
- gss_name_t target,
- gss_OID mech,
- OM_uint32 reqFlags,
- OM_uint32 timeReq,
- gss_channel_bindings_t chanBindings,
- gss_buffer_t inputToken,
++ gss_name_t target GSSEAP_UNUSED,
++ gss_OID mech GSSEAP_UNUSED,
++ OM_uint32 reqFlags GSSEAP_UNUSED,
++ OM_uint32 timeReq GSSEAP_UNUSED,
++ gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
++ gss_buffer_t inputToken GSSEAP_UNUSED,
+ gss_buffer_t outputToken,
+ OM_uint32 *smFlags)
{
+ OM_uint32 major;
+
+ major = gssEapGetConversationMIC(minor, ctx, outputToken);
+ if (GSS_ERROR(major))
+ return major;
+
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
*minor = 0;
eapGssSmAcceptGssReauth(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target,
+ gss_name_t target GSSEAP_UNUSED,
gss_OID mech,
- OM_uint32 reqFlags,
- OM_uint32 timeReq,
+ OM_uint32 reqFlags GSSEAP_UNUSED,
+ OM_uint32 timeReq GSSEAP_UNUSED,
- gss_channel_bindings_t chanBindings,
+ gss_channel_bindings_t userChanBindings,
gss_buffer_t inputToken,
gss_buffer_t outputToken,
OM_uint32 *smFlags)
gss_cred_id_t cred,
gss_ctx_id_t ctx,
gss_name_t target,
- gss_OID mech,
+ gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags,
OM_uint32 timeReq,
- gss_channel_bindings_t chanBindings,
+ gss_channel_bindings_t userChanBindings,
gss_buffer_t inputToken,
gss_buffer_t outputToken,
- OM_uint32 *smFlags)
+ OM_uint32 *smFlags GSSEAP_UNUSED)
{
OM_uint32 major, tmpMinor;
gss_name_t mechTarget = GSS_C_NO_NAME;
}
static OM_uint32
- gss_cred_id_t cred,
- gss_ctx_id_t ctx,
- gss_name_t target,
- gss_OID mech,
- OM_uint32 reqFlags,
- OM_uint32 timeReq,
- gss_channel_bindings_t chanBindings,
+gssEapSupportedAcceptorExts[] = {
+ ITOK_TYPE_REAUTH_CREDS,
+};
+
+static struct gss_eap_itok_map
+gssEapInitiatorExtsFlagMap[] = {
+};
+
+static OM_uint32
+eapGssSmInitExts(OM_uint32 *minor,
- OM_uint32 *smFlags)
++ gss_cred_id_t cred GSSEAP_UNUSED,
++ gss_ctx_id_t ctx GSSEAP_UNUSED,
++ gss_name_t target GSSEAP_UNUSED,
++ gss_OID mech GSSEAP_UNUSED,
++ OM_uint32 reqFlags GSSEAP_UNUSED,
++ OM_uint32 timeReq GSSEAP_UNUSED,
++ gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
+ gss_buffer_t inputToken,
+ gss_buffer_t outputToken,
- OM_uint32 major;
++ OM_uint32 *smFlags GSSEAP_UNUSED)
+{
++ OM_uint32 major = GSS_S_COMPLETE;
+
+ if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) {
+ major = gssEapEncodeSupportedExts(minor,
+ gssEapSupportedAcceptorExts,
+ sizeof(gssEapSupportedAcceptorExts) /
+ sizeof(gssEapSupportedAcceptorExts[0]),
+ outputToken);
+ } else if (inputToken != GSS_C_NO_BUFFER) {
+ major = gssEapProcessSupportedExts(minor, inputToken,
+ gssEapInitiatorExtsFlagMap,
+ sizeof(gssEapInitiatorExtsFlagMap) /
+ sizeof(gssEapInitiatorExtsFlagMap[0]),
+ &ctx->flags);
+ }
+
+ if (GSS_ERROR(major))
+ return major;
+
+ return GSS_S_CONTINUE_NEEDED;
+}
+
+static OM_uint32
eapGssSmInitIdentity(OM_uint32 *minor,
- gss_cred_id_t cred,
+ gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target,
- gss_OID mech,
- OM_uint32 reqFlags,
- OM_uint32 timeReq,
- gss_channel_bindings_t chanBindings,
- gss_buffer_t inputToken,
- gss_buffer_t outputToken,
+ gss_name_t target GSSEAP_UNUSED,
+ gss_OID mech GSSEAP_UNUSED,
+ OM_uint32 reqFlags GSSEAP_UNUSED,
+ OM_uint32 timeReq GSSEAP_UNUSED,
+ gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
+ gss_buffer_t inputToken GSSEAP_UNUSED,
+ gss_buffer_t outputToken GSSEAP_UNUSED,
OM_uint32 *smFlags)
{
struct eap_config eapConfig;
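Review bot: `gssEapInitiatorExtsFlagMap[] = { }` is an unsized array with an empty initializer, as is `gssEapSupportedInitiatorExts[]` in the acceptor hunk. Before C23 that is a compiler extension rather than ISO C, and it yields a zero-length object. The `sizeof(x) / sizeof(x[0])` count then evaluates to 0, so the helpers must tolerate a zero count and a pointer to no elements; their bodies are not visible here. The naming is also easy to misread, since the initiator advertises `gssEapSupportedAcceptorExts` and the acceptor advertises `gssEapSupportedInitiatorExts`. A one-line comment on each table would help, for example `/* acceptor extensions this initiator understands */`. eapGssSmInitIdentity's body continues outside the hunk.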
#endif /* GSSEAP_ENABLE_REAUTH */
static OM_uint32
-eapGssSmInitCompleteInitiatorExts(OM_uint32 *minor,
- gss_cred_id_t cred GSSEAP_UNUSED,
- gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
- gss_OID mech GSSEAP_UNUSED,
- OM_uint32 reqFlags GSSEAP_UNUSED,
- OM_uint32 timeReq GSSEAP_UNUSED,
- gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
- gss_buffer_t inputToken GSSEAP_UNUSED,
- gss_buffer_t outputToken GSSEAP_UNUSED,
- OM_uint32 *smFlags)
+eapGssSmInitInitiatorMIC(OM_uint32 *minor,
- gss_cred_id_t cred,
++ gss_cred_id_t cred GSSEAP_UNUSED,
+ gss_ctx_id_t ctx,
- gss_name_t target,
- gss_OID mech,
- OM_uint32 reqFlags,
- OM_uint32 timeReq,
- gss_channel_bindings_t chanBindings,
- gss_buffer_t inputToken,
++ gss_name_t target GSSEAP_UNUSED,
++ gss_OID mech GSSEAP_UNUSED,
++ OM_uint32 reqFlags GSSEAP_UNUSED,
++ OM_uint32 timeReq GSSEAP_UNUSED,
++ gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
++ gss_buffer_t inputToken GSSEAP_UNUSED,
+ gss_buffer_t outputToken,
+ OM_uint32 *smFlags)
{
+ OM_uint32 major;
+
+ major = gssEapGetConversationMIC(minor, ctx, outputToken);
+ if (GSS_ERROR(major))
+ return major;
+
GSSEAP_SM_TRANSITION_NEXT(ctx);
*minor = 0;
}
static OM_uint32
-eapGssSmInitCompleteAcceptorExts(OM_uint32 *minor,
- gss_cred_id_t cred GSSEAP_UNUSED,
- gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
- gss_OID mech GSSEAP_UNUSED,
- OM_uint32 reqFlags GSSEAP_UNUSED,
- OM_uint32 timeReq GSSEAP_UNUSED,
- gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
- gss_buffer_t inputToken GSSEAP_UNUSED,
- gss_buffer_t outputToken GSSEAP_UNUSED,
- OM_uint32 *smFlags GSSEAP_UNUSED)
+eapGssSmInitAcceptorMIC(OM_uint32 *minor,
- gss_cred_id_t cred,
++ gss_cred_id_t cred GSSEAP_UNUSED,
+ gss_ctx_id_t ctx,
- gss_name_t target,
- gss_OID mech,
- OM_uint32 reqFlags,
- OM_uint32 timeReq,
- gss_channel_bindings_t chanBindings,
++ gss_name_t target GSSEAP_UNUSED,
++ gss_OID mech GSSEAP_UNUSED,
++ OM_uint32 reqFlags GSSEAP_UNUSED,
++ OM_uint32 timeReq GSSEAP_UNUSED,
++ gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
+ gss_buffer_t inputToken,
- gss_buffer_t outputToken,
- OM_uint32 *smFlags)
++ gss_buffer_t outputToken GSSEAP_UNUSED,
++ OM_uint32 *smFlags GSSEAP_UNUSED)
{
+ OM_uint32 major;
+
+ major = gssEapVerifyConversationMIC(minor, ctx, inputToken);
+ if (GSS_ERROR(major))
+ return major;
+
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
*minor = 0;
}
OM_uint32
-gssEapMakeToken(OM_uint32 *minor,
- gss_ctx_id_t ctx,
- const gss_buffer_t innerToken,
- enum gss_eap_token_type tokenType,
- gss_buffer_t outputToken)
+gssEapContextTime(OM_uint32 *minor,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec)
{
- unsigned char *p;
++ *minor = 0;
+
- outputToken->length = tokenSize(ctx->mechanismUsed, innerToken->length);
- outputToken->value = GSSEAP_MALLOC(outputToken->length);
- if (outputToken->value == NULL) {
- *minor = ENOMEM;
- return GSS_S_FAILURE;
- }
+ if (context_handle->expiryTime == 0) {
+ *time_rec = GSS_C_INDEFINITE;
+ } else {
+ time_t now, lifetime;
- p = (unsigned char *)outputToken->value;
- makeTokenHeader(ctx->mechanismUsed, innerToken->length, &p, tokenType);
- memcpy(p, innerToken->value, innerToken->length);
+ time(&now);
+ lifetime = context_handle->expiryTime - now;
+ if (lifetime <= 0) {
+ *time_rec = 0;
+ return GSS_S_CONTEXT_EXPIRED;
+ }
+ *time_rec = lifetime;
+ }
- *minor = 0;
return GSS_S_COMPLETE;
}
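Review bot: `*time_rec = lifetime;` in gssEapContextTime narrows a `time_t` to `OM_uint32` without a range check. Where `time_t` is 64-bit, a far-future `expiryTime` wraps, and the result can land on 0 or on `GSS_C_INDEFINITE`, both of which mean something different to the caller. Clamping keeps the value meaningful: `*time_rec = (lifetime >= (time_t)GSS_C_INDEFINITE) ? GSS_C_INDEFINITE - 1 : (OM_uint32)lifetime;`. The result of `time(&now)` is also not checked; on failure `now` is `(time_t)-1` and an expired context would be reported as still valid.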